By Haddon Libby

The East Coast is suffered a gas shortage this week as Russian hackers disabled the Colonial Pipeline.  Government-sponsored hackers from around the world continue to wreak havoc on businesses of all sizes whether it is a gas pipeline or a local online weekly…as in CV Weekly. We were hacked just last week.

According to IdentityForce, these are some of the most recent hacks in the United States:

Experian has an API (application programming interface) that was left unlocked.  This allowed hackers a back door into Experian’s online tool where they had access the credit scores of Americans.

Advertisement

Reverb is an online marketplace where 5.6 million users buy and sell instruments.  All personal information, including IP addresses were stolen.

GEICO just disclosed that hackers stole the license numbers of their clients between beginning January 21st.  The breach was discovered and closed on March 1st.

The payment parking app, ParkMobile had its records on 21 million customers stolen.

LinkedIn had its 500 million user profiles scraped and put into a database that was being sold over the Dark Web.

Old data on Facebook’s 533 million users was available at no cost in a low-level hacking forum.

The Cancer Treatment Centers of America had nearly 105,000 patient records stolen.

Hobby Lobby somehow misconfigured its cloud data system leaving information for 300,000 customers open to hackers.

The California DMV reported that the company that handles their billing was hacked.  This led to the theft of personal information including VINs, license plates and other driver data.

The Controller’s Office here in California was hackrd as an employee clicked on the link to a fake website.  As a result, personal identifying information (PII) on Unclaimed Property Holder Reports was stolen.

PII was also stolen at SITA, a company serving most airlines with telecommunications services.

Microsoft Exchange was hacked with the email accounts of more than 30,000 US organizations exposed.  Beyond the information stolen in this series of attacks, the compromise means that these clients may be exposed to further problems in the future.  Microsoft is urging its Exchanger Server users to use all updates immediately.

T-Mobile saw some customers have their SIM cards hijacked.  This meant that the hackers could take control over text messaging and calls and steal money from bank accounts.  Banks were left helpless as the thieves not only had the victim’s bank account information but the ability to foil two-factor authentication passcodes.

US Cellular was hacked when employees clicked on malicious links.  Hackers stole the data from nearly 5 million accounts.

Kroger, the owner of Ralph’s and Food for Less locally, had its third-party cloud network breached.  This left the human resources information of employees open to be stolen.

For all these one-off breaches of online security over the last months, one shows the true depth of the problem. A compilation of many breaches (aka COMB) contained over 3 billion matches of emails and passwords for services including Netflix, LinkedIn, Bitcoin, Yahoo email, Google’s Gmail and more. Approximately 200 million gmail and 450 million Yahoo email addresses and passwords were part of the data dump.

Some of the key takeaways for you and me include changing our passwords regularly and using combinations of letters and numbers unlike those that we might have used in the past.  It is more important than ever to stay vigilant against identity theft given the daily breaches happening through the United States.

As much as anything, do not click on links from people that you do not know. According to Cybersecurity Ventures, hacks and cybercrime happen every 11 seconds with Americans losing over $15 billion annually.  Security breaches typically last over six months before being discovered.

Haddon Libby is the Founder and Managing Partner of Winslow Drake Investment Management.  For more information, please visit www.WinslowDrake.com.